NetBSD/src Gm9TbNP external/mpl/bind/lib Makefile.inc

   bind: remove outdated lint warning

   In C11 mode, lint now allows typedef to redefine an existing type.
Version  Delta  File
1.4  +5-5  external/mpl/bind/lib/Makefile.inc
+5-5  1 files

NetBSD/src OC69fpa tests/usr.bin/xlint/lint1 msg_089.c c11.c, usr.bin/xlint/lint1 decl.c

   lint: in C11 mode, allow typedef to redefine an existing type
Version  Delta  File
1.6  +16-2  tests/usr.bin/xlint/lint1/msg_089.c
1.427  +7-5  usr.bin/xlint/lint1/decl.c
1.15  +9-1  tests/usr.bin/xlint/lint1/c11.c
1.19  +9-1  tests/usr.bin/xlint/lint1/c23.c
+41-9  4 files

NetBSD/src otienUs external/bsd/jemalloc/dist config.log, external/bsd/jemalloc/dist/bin jeprof

   Import jemalloc-5.3.1 (previous was 5.3.0)

   This release includes over 390 commits spanning bug fixes, new features,
   performance optimizations, and portability improvements. Multiple percent
   of system-level metric improvements were measured in tested production
   workloads. The release has gone through large-scale production testing
   at Meta.

   New features:

   Support pvalloc. (@Lapenkov: 5b1f2cc)
   Add double free detection for the debug build. (@izaitsevfb:
   36366f3, @guangli-dai: 42daa1a, @divanorama: 1897f18)
   Add compile-time option --enable-pageid to enable memory mapping
   annotation. (@devnexen: 4fc5c4f)
   Add runtime option prof_bt_max to control the max stack depth for
   profiling. (@guangli-dai: a0734fd)
   Add compile-time option --enable-force-getenv to use getenv instead
   of secure_getenv. (@interwq: 481bbfc)

    [129 lines not shown]
Version  Delta  File
1.1  +5,816-0  external/bsd/jemalloc/dist/bin/jeprof
1.1  +4,603-0  external/bsd/jemalloc/dist/config.log
1.1  +3,967-0  external/bsd/jemalloc/dist/doc/jemalloc.xml
1.1.1.3  +1,347-1,432  external/bsd/jemalloc/dist/test/unit/SFMT.c
1.1.1.3  +1,506-1,174  external/bsd/jemalloc/dist/src/ctl.c
1.1.1.3  +605-1,622  external/bsd/jemalloc/dist/src/jemalloc.c
+17,844-4,228  560 files not shown
+63,658-22,629  566 files

NetBSD/pkgsrc XEQ9vSq doc CHANGES-2026

   doc: Updated textproc/jsongrep to 0.9.0nb1
Version  Delta  File
1.2459  +2-1  doc/CHANGES-2026
+2-1  1 files

NetBSD/pkgsrc yk9jH1g textproc/jsongrep Makefile PLIST

   textproc/jsongrep: install man pages
Version  Delta  File
1.4  +16-1  textproc/jsongrep/Makefile
1.2  +6-0  textproc/jsongrep/PLIST
+22-1  2 files

NetBSD/pkgsrc pFwH0dQ doc CHANGES-2026

   doc: Updated graphics/feh to 3.12.1
Version  Delta  File
1.2458  +2-1  doc/CHANGES-2026
+2-1  1 files

NetBSD/pkgsrc 7kcQQNf graphics/feh distinfo Makefile

   graphics/feh: update to 3.12.1

   Mon, 06 Apr 2026 21:47:59 +0200  Birte Friesel <derf+feh at finalrewind.org>

   * Release v3.12.1
       * Update tests to reflect the %f/%F changes implemented in v3.12

   Mon, 06 Apr 2026 11:13:12 +0200  Birte Friesel <derf+feh at finalrewind.org>

   * Release v3.12
       * Disallow %f and %n format specifiers in --action and --info strings;
         abort with an error message if those are encountered. Use %F and %N
         instead. Rationale: %f and %n do not escape shell-specific syntax and
         are thus a security risk when passing untrusted file names to feh. %F and
         %N, which have been available since v2.3 (Feb 2012), do escape
         shell-specific syntax. Migration path: Replace %f (or '%f') and %n (or
         '%n') with %F and %N (without '') in --action and --info commands.
         Reported by Paavan Bagla, Archit Goyal, Michael Hurtado, Venkat Nallam,
         and Jaden Wang <https://github.com/derf/feh/issues/821>.

    [9 lines not shown]
Version  Delta  File
1.75  +4-4  graphics/feh/distinfo
1.147  +2-2  graphics/feh/Makefile
+6-6  2 files

NetBSD/src CSqmXG2 doc 3RDPARTY

   3RDPARTY: update a minor detail about OpenSSL versioning
Version  Delta  File
1.2186  +2-2  doc/3RDPARTY
+2-2  1 files

NetBSD/pkgsrc-wip 970d80b sayonara Makefile

sayonara: fix depends
Delta  File
+2-0  sayonara/Makefile
+2-0  1 files

NetBSD/src rCuNsTv sys/arch/aarch64/aarch64 pmap_machdep.c pmap.c, sys/arch/aarch64/include pmap.h

   pmap: move userland xtab activate/deactivate into pmap_md_asid{,de}activate

   pmap_segtab_{,de}activate() no longer calls pmap_md_xtab_{,de}activate()

   Instead move the calls into
       - pmap_tlb_asid_acquire()
       - pmap_tlb_asid_deactivate()

   respectively.

   Rename xtab to asid at the same time so that the functions are now named
   pmap_md_asid_{,de}activate(), and are provided as static inline to improve
   code size.

   On arm32 and aarch64 TTBR0 is disabled for the entire time that a userland
   process is not pmap_activate()ed and only ever enabled if a userland
   process is pmap_activate()ed. This results in less twiddling of the disable
   bit, and no speculation window where incorrect TTBR0 walks can occur.

   The last part makes GENERIC64_PMAPMI stable on Fusion on an M4 laptop.
Version  Delta  File
1.448  +18-93  sys/arch/arm/arm32/pmap.c
1.13  +11-72  sys/arch/aarch64/aarch64/pmap_machdep.c
1.179  +60-1  sys/arch/arm/include/arm32/pmap.h
1.60  +48-1  sys/arch/aarch64/include/pmap.h
1.154  +13-34  sys/arch/aarch64/aarch64/pmap.c
1.26  +2-35  sys/arch/riscv/riscv/pmap_machdep.c
+152-236  10 files not shown
+234-275  16 files

NetBSD/src qydPaq1 external/mpl/bind/lib Makefile.inc

   bind: re-enable some suppressed lint warnings

   An amd64 build works fine without them.
Version  Delta  File
1.3  +1-3  external/mpl/bind/lib/Makefile.inc
+1-3  1 files

NetBSD/pkgsrc ERW7ZB2 doc CHANGES-2026 TODO

   doc: Updated graphics/openexr to 3.4.10
Version  Delta  File
1.2457  +2-1  doc/CHANGES-2026
1.27133  +1-2  doc/TODO
+3-3  2 files

NetBSD/pkgsrc C9LErfT graphics/openexr distinfo Makefile

   openexr: update to 3.4.10.

   ## Version 3.4.10 (April 16, 2026)

   Patch release that addresses the following security vulnerabilities:

   * [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()`
   * [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589)
   * [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589)

   ### Merged Pull Requests

   * [2346](https://github.com/AcademySoftwareFoundation/openexr/pull/2346)
   Fix integer overflow in internal_dwa_compressor.h
   * [2345](https://github.com/AcademySoftwareFoundation/openexr/pull/2345)
   Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp
   * [2340](https://github.com/AcademySoftwareFoundation/openexr/pull/2340)
   Fix 3.4.9 cve list formatting
   * [2339](https://github.com/AcademySoftwareFoundation/openexr/pull/2339)

    [24 lines not shown]
Version  Delta  File
1.73  +4-4  graphics/openexr/distinfo
1.81  +2-2  graphics/openexr/Makefile
+6-6  2 files

NetBSD/pkgsrc Bynm5dt doc CHANGES-2026 TODO

   doc: Updated textproc/libxmlb to 0.3.26
Version  Delta  File
1.2456  +2-1  doc/CHANGES-2026
1.27132  +1-2  doc/TODO
+3-3  2 files

NetBSD/pkgsrc x15woHa textproc/libxmlb distinfo Makefile

   libxmlb: update to 0.3.26.

   Version 0.3.26
   ~~~~~~~~~~~~~~
   Released: 2026-04-14

   New Features:
    - Parse CDATA as text (Milan Crha)

   Bugfixes:
    - Add bounds check to prevent OOB read in token index lookup (Richard Hughes)
    - Do not write an invalid silo when more than 63 attrs on one node (Richard Hughes)
    - No inotify for illumos and Solaris (Marcel Telka)
    - Prevent stack overflow from unbounded recursion in export (Richard Hughes)
Version  Delta  File
1.4  +4-4  textproc/libxmlb/distinfo
1.9  +2-3  textproc/libxmlb/Makefile
+6-7  2 files

NetBSD/pkgsrc aT8jwAi doc CHANGES-2026 TODO

   doc: Updated graphics/libsixel to 1.8.7r1
Version  Delta  File
1.2455  +2-1  doc/CHANGES-2026
1.27131  +1-2  doc/TODO
+3-3  2 files

NetBSD/pkgsrc 2azqXxE graphics/libsixel Makefile distinfo

   libsixel: update to 1.8.7r1.

   Security fix for CVE-2026-33023 (GHSA-hr25-g2j6-qjw6), use-after-free in load_with_gdkpixbuf().
   Thanks to @nicoppida

   Security fix for CVE-2026-33018 (GHSA-w46f-jr9f-rgvp), use-after-free in load_gif().
   Thanks to @nicoppida

   Security fix for CVE-2026-33019 (GHSA-c854-ffg9-g72c), integer overflow that leads to out-of-bounds read in img2sixel.
   Thanks to @nicoppida

   Security fix for CVE-2026-33020 (GHSA-2xgm-4x47-2x2p), integer overflow in write_png_to_file() that leads to heap overflow.
   Thanks to @nicoppida

   Security fix for CVE-2026-33021 (GHSA-j6m5-2cc7-3whc), use-after-free in sixel_encoder_encode_bytes().
   Thanks to @nicoppida

   Security fix for #222, out-of-bounds memory access in packed pixel format copy path.
   Thanks to @xyzzy42

    [12 lines not shown]
Version  Delta  File
1.83  +5-4  graphics/libsixel/Makefile
1.29  +4-4  graphics/libsixel/distinfo
+9-8  2 files

NetBSD/pkgsrc C15dqpS doc CHANGES-2026 TODO

   doc: Updated graphics/libexif to 0.6.26
Version  Delta  File
1.2454  +2-1  doc/CHANGES-2026
1.27130  +1-2  doc/TODO
+3-3  2 files

NetBSD/pkgsrc 9iPgBfR graphics/libexif distinfo Makefile

   libexif: update to 0.6.26.

   libexif-0.6.26 (2026-04-14):

   * Security issues fixed:
     * CVE-2026-40386: An unsigned integer underflow in Fuji and Olympus makernote handling
     * CVE-2026-40385: An unsigned integer overflow on 32bit systems in Nikon makernote handling
     * CVE-2026-32775: A buffer overwrite via integer underflow in makernote handling
   * handle JPEG APP3 marker
   * added EXIF_TAG_IMAGE_DEPTH tag

   * translations updated: Arabic, German, Spanish, Polish, Romanian,
     Serbian, Swedish, Ukrainian, Chinese
Version  Delta  File
1.38  +4-4  graphics/libexif/distinfo
1.55  +2-2  graphics/libexif/Makefile
1.24  +1-0  graphics/libexif/PLIST
+7-6  3 files

NetBSD/pkgsrc OIhS2RZ doc CHANGES-2026

   doc: Updated print/cups to 2.4.17
Version  Delta  File
1.2453  +2-1  doc/CHANGES-2026
+2-1  1 files

NetBSD/pkgsrc t6rhYar doc CHANGES-2026

   doc: Updated print/cups-base to 2.4.17
Version  Delta  File
1.2452  +2-1  doc/CHANGES-2026
+2-1  1 files

NetBSD/pkgsrc sD3EX7X doc TODO CHANGES-2026

   doc: Updated print/libcups to 2.4.17
Version  Delta  File
1.27129  +1-2  doc/TODO
1.2451  +2-1  doc/CHANGES-2026
+3-3  2 files

NetBSD/pkgsrc X5gTZAw print/cups Makefile.common Makefile, print/cups-base distinfo Makefile

   *cups*: update to 2.4.17

   Changes in CUPS v2.4.17 (2026-04-17)
   ------------------------------------

   - CVE-2026-27447: The scheduler treated local user and group names as case-
     insensitive.
   - CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS
     directory.
   - CVE-2026-34980: The scheduler did not filter control characters from option
     values.
   - CVE-2026-34979: The scheduler did not always allocate enough memory for a
     job's options string.
   - CVE-2026-34990: The scheduler incorrectly allowed local certificates over the
     loopback interface.
   - CVE-2026-39314: Fixed the range check for job password strings.
   - CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
   - CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
   - The scheduler followed symbolic links when cleaning out its temporary

    [28 lines not shown]
Version  Delta  File
1.5  +15-15  print/cups-base/patches/patch-scheduler-main.c
1.48  +6-6  print/cups-base/distinfo
1.6  +5-5  print/cups-base/patches/patch-scheduler_auth.c
1.27  +2-2  print/cups/Makefile.common
1.83  +1-2  print/cups-base/Makefile
1.302  +1-2  print/cups/Makefile
+30-32  1 files not shown
+31-34  7 files

NetBSD/pkgsrc 26tLNaT doc TODO CHANGES-2026

   doc: Updated textproc/jsongrep to 0.9.0
Version  Delta  File
1.27128  +1-2  doc/TODO
1.2450  +2-1  doc/CHANGES-2026
+3-3  2 files

NetBSD/pkgsrc Sad2Jbm textproc/jsongrep distinfo Makefile

   jsongrep: update to 0.9.0.

   What's Changed

       feat: add first github pages playground by @thomas9911 in #31
       refactor(cli): --porcelain flag, make --count/ --depth mutually exclusive, --depth with query by @micahkepe in #32
Version  Delta  File
1.3  +4-4  textproc/jsongrep/distinfo
1.3  +2-2  textproc/jsongrep/Makefile
+6-6  2 files

NetBSD/pkgsrc AMrnZHy doc CHANGES-2026 TODO

   doc: Updated devel/jjui to 0.10.3
Version  Delta  File
1.2449  +2-1  doc/CHANGES-2026
1.27127  +1-2  doc/TODO
+3-3  2 files

NetBSD/pkgsrc tqWEU61 devel/jjui distinfo go-modules.mk

   jjui: update to 0.10.3.

   This release includes new Lua customisation support, repo-local
   configuration, preview sizing improvements, and a set of UI fixes.
   There were also some internal changes around action routing and
   rendering, so if something feels broken or behaves differently,
   please let me know.
Version  Delta  File
1.17  +58-46  devel/jjui/distinfo
1.10  +18-14  devel/jjui/go-modules.mk
1.26  +2-3  devel/jjui/Makefile
+78-63  3 files

NetBSD/pkgsrc-wip a7e3894 . TODO, crush distinfo go-modules.mk

crush: update to 0.60.0
Delta  File
+297-288  crush/distinfo
+98-95  crush/go-modules.mk
+1-1  crush/Makefile
+0-1  TODO
+396-385  4 files

NetBSD/pkgsrc 4HorYjA doc CHANGES-2026

   doc: Updated www/ruby-propshaft to 1.3.2
Version  Delta  File
1.2448  +2-1  doc/CHANGES-2026
+2-1  1 files

NetBSD/pkgsrc E2NYvXb www/ruby-propshaft distinfo Makefile

   www/ruby-propshaft: update to 1.3.2

   1.3.2 (2026-04-17)

   What's Changed

   * Add charset=utf-8 to Content-Type for CSS and HTML assets by @flavorjones
     in #264

   New Contributors

   * @flavorjones made their first contribution in #265
Version  Delta  File
1.2  +4-4  www/ruby-propshaft/distinfo
1.2  +2-2  www/ruby-propshaft/Makefile
+6-6  2 files